COPS: A complete oblivious processing system

Abstract

The communication link between the processor and the off-chip memory in a modern computing system is vulnerable to hardware-level security attacks. An adversary can snoop the memory access behavior over the communication link to retrieve secret information even when the data transferred over the link are encrypted. The Oblivious RAM (ORAM) mechanism is a promising solution for such a problem. ORAM hides a true memory access with a group of random memory read and write operations. To reliably estimate the cost and performance overhead incurred by ORAM in real scenarios, a complete oblivious processing system where a fully functional ORAM is integrated into a real processor system that can run an Operating System (OS) and execute real-world application workloads is required. In this paper, we present a generic design for ORAM integration into a general-purpose processing system that can be used for the integration of any ORAM design. Our design targets the ORAM integration into high-performance memory bus (AXI). The AXI-compatibility of our design makes it usable with any processor system, thus, making the ORAM integration independent of processor architecture. As a case study, we develop a complete oblivious processing system (we call it COPS) by integrating an ORAM into a general-purpose RISC-V based processing system. We evaluate ORAM performance in real-world execution environment using realistic workloads with full Operating System support. Our elevation demonstrates that our ORAM prototype, on average, can return a 64 bytes requested block to the processor in 1.46μs, which is ∼ 13x faster than the prior-art implementation.